CVE-2005-4683 : PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in

PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.

Published 2005-12-31 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-4683

Padl Software » Migrationtools » Version: 46
cpe:2.3:a:padl_software:migrationtools:46:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-4683

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 23 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-4683

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2005-4683

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338920

#338920 - migrationtools: Insecure handling of temporary files - Debian Bug report logs

CVEs referencing this url
http://www.osvdb.org/20839

404 Not Found
http://www.vupen.com/english/advisories/2005/2427

Site en construction

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/42335

MigrationTools nis.$$.ldif information disclosure CVE-2005-4683 Vulnerability Report
http://secunia.com/advisories/17530

About Secunia Research | Flexera
Vendor Advisory

Jump to

Vulnerability Details : CVE-2005-4683

Products affected by CVE-2005-4683

Exploit prediction scoring system (EPSS) score for CVE-2005-4683

CVSS scores for CVE-2005-4683

References for CVE-2005-4683